Threat Intelligence Blog

Cyveillance Weekly Trends Report – December 9, 2014

Welcome to the Cyveillance Weekly Trends Report

Since threat intelligence is constantly evolving, we publish this weekly report to keep our customers updated on the latest threats across a variety of industries. You can read an abridged version below. Follow us on Twitter and subscribe to our blog to make sure you don’t miss any of the latest security articles from Cyveillance experts.

Top Incidents

Global Intelligence

For more than two years, pro-Iranian hackers penetrated some of the world’s most sensitive computer networks, including those operated by a US-based airline, auto maker, natural gas producer, defense contractor, and military installation. In many cases, “Operation Cleaver,” as the sustained hacking campaign is being dubbed, has attained the highest levels of system access on targets in 16 countries, researchers say. Compromised systems in the ongoing attacks include Active Directory domain controllers that store employee login credentials, servers running Microsoft Windows and Linux, routers, switches, and virtual private networks. With more than 50 victims that include airports, hospitals, telecommunications providers, chemical companies, and governments, the Iranian-backed hackers are reported to have extraordinary control over much of the world’s critical infrastructure.

Insurance/Healthcare

A recent email phishing scam is targeting numerous organizations, including healthcare companies. More than 100 organizations have been attacked by cybercriminals for over a year, according to a report from security firm FireEye. FireEye calls the online attackers FIN4, and explains that they don’t infect their victims with malware, but instead capture the usernames and passwords of victims’ email accounts. From there they can read private email exchanges, and could use the information gleaned from them for trading stocks.

Legal and Regulations

Federal District Judge Paul Magnuson has ruled that banks that issued credit and debit cards to customers whose data was stolen in the December 2013 Target data breach can continue to litigate claims against Target for negligence and violation of Minnesota’s Plastic Card Security Act (“MPCSA”), Minn. Stat. § 325E.64.

Retail

Researchers at Trend Micro have come across a sample of a new point-of-sale (PoS) malware that appears to be under development. Designated by the security firm as TSPY_POSLOGR.K, the threat relies on multiple components to carry out its mission, which makes it similar to a recently discovered variant of the notorious BlackPoS malware (TSPY_MEMLOG.A).

Technology

The FBI is warning businesses about a new hacking threat in the wake of a vast attack on Sony Pictures last week. The threat comes from the same type of malicious software that infected Sony’s computer systems, a law enforcement official told CNN.

Defense

“Operation death click” (ODC) is an advanced persistent threat targeting the US defense industry. It uses social engineering, malvertising and real-time bidding as its main tools to compromise victims’ computers, and uses digital advertising targeting technology to find victims. ODC is also defined as “micro-targeted malvertising”: a combination of malvertising with targeted attacks.

Law Enforcement

The Department of Justice is creating a dedicated cybersecurity unit within its Criminal Division, which will serve as a central hub for law enforcement officials. It will provide legal guidance regarding the criminal electronic surveillance statutes that cover complex cyber investigations. The unit is intended to ensure that law enforcement’s electronic surveillance tools are effectively used, while also protecting the privacy of Americans.